For future readers, @duke wrote up an entire article about this: https://medium.com/@osain/deploying-fusionauth-docker-on-fly-io-8fbeb0469556

@t-vanherwijnen

Thanks for the question! I believe that you might want to reference this bit of doco

https://fusionauth.io/docs/v1/tech/guides/multi-factor-authentication#optionally-send-the-code

Thanks,
Josh

Got the right answer in the Slack channel – I needed to update the theme templates too 🙂

@support-0 also, what version of FusionAuth are you running? There were some issues with the SMTP debug log that were resolved in 1.37.0: https://fusionauth.io/docs/v1/tech/release-notes#version-1-37-0

@dan

Thanks!
I made the new issue https://github.com/FusionAuth/fusionauth-issues/issues/1907

@prawee

Glad to hear it. Issues such as this can require a bit more context to debug. Feel free to post log output if the issue persists or log a bug report below (if considered a bug)

https://github.com/FusionAuth/fusionauth-issues/issues/new/choose

Thanks,
Josh

@steven-bedford

We may need more information regarding your setup. If you feel like you are having a bug, I would encourage you to log one below:

https://github.com/FusionAuth/fusionauth-issues/issues/new/choose

Thanks,
Josh

Updated the documentation to reflect where the claims are pulled from more precisely: https://github.com/FusionAuth/fusionauth-site/pull/1636

Please do let me know about the escaping of the claim when you get a chance, @nathan .

@lsmith said in 2FA On Login:

Is it possible to have Two Factor Authentication in conjuction with Google and OpenId Identity Providers when using the hosted login pages?

Nope. This is because when you are using an identity provider, the identity provider is assumed to have done everything needed to authenticate the user. FusionAuth is delegating everything to that.

You could, if you need to, immediately do a "step up" auth in your application, but FusionAuth won't take care of this for you.

If you'd like to submit a feature request for this further explaining your use case, feel free to do so (you can reference this forum post): https://github.com/fusionauth/fusionauth-issues/issues

@kayweng-foong

How I can use OAuth authorize endpoint without fusionauth login UI ?

It depends on which grant you want to use. If you want to use the Authorization Code grant, which is what we typically recommend, then you are going to use the FusionAuth login UI (which can be customized via themes).

If you want to use the password grant, you can build your own UI. There's more on that grant here: https://fusionauth.io/docs/v1/tech/oauth/

If you don't care about using OAuth at all, but just want login functionality, you can use the Login API: https://fusionauth.io/docs/v1/tech/apis/login

If you want SSO between different applications, however, you need to use the Authorization Code grant. You are right, there's other related functionality (cookies, etc) that is required for SSO that is managed by the FusionAuth UI (often called the "hosted login pages").

There's an open issue: https://github.com/FusionAuth/fusionauth-issues/issues/1515 to allow for more management of the SSO session via API. Please feel free to upvote this issue and/or add your use case to the comments, as that helps us with our roadmap planning.

@charles-harris-de

Hiya,

Microsoft documentation is abundant and confusing, but this SO question seems to give you an answer: https://stackoverflow.com/questions/66643625/azure-ad-fetch-tenant-id-using-client-details

They suggest using the client credentials grant and retrieving a token. You'd have to use Lambda HTTP Connect to make this call from inside one of the FusionAuth lambdas.

I have not tested this. Please let me know if you found other workarounds or solutions.

Thanks @joshua I'll transmit the link to our infra team. Hopefully upgrade will happen soon. Currently we use version 1.28.1, from one year ago. Do you think upgrade could affect JWT signatures ?

An update.

So, I tried adding another IdP. This time with MS/Azure AD (using the tutorial https://fusionauth.io/docs/v1/tech/identity-providers/openid-connect/azure-ad). While going through the process, it seems that the port number was also added this redirect_uri here. So my guess is, it's hardcoded somewhere for the IdP stuff, and get inserted as part of the redirect without checking the domain/port FA is currenlty being run on.

@barb_flannery Hi, I discovered that by enabling Java Script for Safari on both iphones solved this problem.
I don't know how to mark this question as "Solved" - If anyone that reads this knows how to close it - please do so.
Many thanks.
Barb

@nalenz-divizend

Thanks for the heads up - this is being reviewed under ->

https://github.com/FusionAuth/fusionauth-issues/issues/1894

Thanks!
Josh

@abehari

Marking this as "solved" as this was addressed out of band. Let us know if there are any other questions.

Thanks,
Josh

@devops-1

Marking this as resolved as this was solved out of band from this forum.

https://fusionauth.io/docs/v1/tech/installation-guide/cloud#limits

related documentation about adding a whitelist entry.

@blake-whittle

FusionAuth deploys quickly for a multitude of devices and platforms.

https://fusionauth.io/download

We have an installation guide below

https://fusionauth.io/docs/v1/tech/installation-guide/

Finally, you can always reach out to our sales team for a good ole fashioned demo of how it can be deployed and used:

sales@fusionauth.io

I hope this helps!

Thanks,
Josh
FusionAuth

@dan said in SAML invalid timestamp.:

@joseantonio

We opened a bug and reviewed our SAML code and were unable to replicate the issue.

Here's the bug: https://github.com/FusionAuth/fusionauth-issues/issues/1486

If you can add any replication steps or other information to this bug, that would be very helpful. Otherwise we'll close it out in a week or so.